<?xml version="1.0" encoding="utf-8"?><!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"><glsaid="201101-05"><title>OpenAFS: Arbitrary code execution</title><synopsis>
The cache manager of OpenAFS contains several bugs resulting in remote
execution of arbitrary code.
</synopsis><producttype="ebuild">OpenAFS</product><announced>2011-01-16</announced><revisedcount="01">2011-01-16</revised><bug>265538</bug><access>remote</access><affected><packagename="net-fs/openafs"auto="yes"arch="*"><unaffectedrange="ge">1.4.9</unaffected><vulnerablerange="lt">1.4.9</vulnerable></package></affected><background><p>
OpenAFS is a distributed file system.
</p></background><description><p>
Two vulnerabilities were discovered:
</p><ul><li>
Simon Wilkinson discovered from a bug report by Toby Blake that the
cache manager of OpenAFS contains a heap-based buffer overflow which is
related to the use of the ERR_PTR macro (CVE-2009-1250).</li><li>A
pointer dereference bug when using XDR arrays was discovered by Simon
Wilkinson, with assistance from Derrick Brashear and Jeffrey Altman.
(CVE-2009-1251).</li></ul></description><impacttype="normal"><p>
The vulnerabilities might allow remote unauthenticated attackers to
cause a Denial of Service (system crash) and possibly execute arbitrary
code.
</p></impact><workaround><p>
There is no known workaround at this time.
</p></workaround><resolution><p>
All OpenAFS users should upgrade to the latest version:
</p><code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-fs/openafs-1.4.9"</code></resolution><references><urilink="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250">CVE-2009-1250</uri><urilink="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1251">CVE-2009-1251</uri></references><metadatatag="submitter"timestamp="2010-06-01T20:56:43Z">
craig
</metadata><metadatatag="bugReady"timestamp="2010-09-21T20:07:41Z">
p-y
</metadata></glsa>